#!/bin/bash

## Copyright (C) 2025 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

source /usr/libexec/helper-scripts/get_colors.sh

check_tirdad_module() {
   local link_cli link_gui MSG help_msg only_if_verbose output_type
   if [ "$silent" -ge "4" ]; then
      true "silent is $silent. Skipping $FUNCNAME."
      return 0
   fi

   link_cli="https://github.com/Kicksecure/tirdad"
   link_gui="<a href=\"$link_cli\">tirdad - TCP ISN CPU Information Leak Protection</a>"

   if [ -f '/usr/share/qubes/marker-vm' ]; then
      only_if_verbose=true
      help_msg="<br/>
- Reason: Qubes detected.<br/>
- Known Qubes issue: <a href=https://github.com/QubesOS/qubes-issues/issues/9570>https://github.com/QubesOS/qubes-issues/issues/9570</a><br/>
- No need to report this."
   ## Variable 'secure_boot_status_enabled' is set in 'check_secure_boot.bsh'.
   elif [ "$secure_boot_status_enabled" = "true" ]; then
      only_if_verbose=false
      help_link_cli="https://www.kicksecure.com/wiki/Secure_Boot"
      help_link_gui="<a href=\"$help_link_cli\">Secure Boot</a>"
      if live-status-detected ; then
         help_msg="\
<br/>
- Reason: kernel module 'tirdad' is NOT loaded.<br/>
- This only matters if internet connectivity is used.<br/>
- Secure Boot is enabled. Secure Boot DKMS Signing Key Enrollment may be required.<br/>
- Refer to the Kicksecure wiki: $help_link_gui<br/>
- No need to report this. Please read the documentation."
      else
         help_msg="\
<br/>
- Reason: kernel module 'tirdad' is NOT loaded.<br/>
- This only matters if internet connectivity is used.<br/>
- Secure Boot is enabled. Secure Boot DKMS Signing Key Enrollment may be required.<br/>
- Refer to the Kicksecure wiki: $help_link_gui<br/>
- No need to report this. Please read the documentation."
      fi
   else
      only_if_verbose=false
      help_msg="<br />
- Reason: kernel module 'tirdad' is NOT loaded."
   fi

   if grep --ignore-case --fixed-strings -- "tirdad" >/dev/null < <(lsmod); then
      MSG="<p>$link_gui: <font color=\"green\">Enabled</font></p>"
      $output_x ${output_opts[@]} --messagex --typex "info" --message "$MSG"

      MSG="$link_gui: ${green}Enabled${nocolor}
For details, see: $link_cli"
      $output_cli ${output_opts[@]} --messagecli --typecli "info" --message "$MSG"
   else
      if [ "$only_if_verbose" = "true" ]; then
         if [ "$verbose" -ge "1" ]; then
            true "OK"
         else
            true "Skipping tirdad warning: Qubes detected and not in verbose mode."
            return 0
         fi
      fi

      if [ -f '/usr/share/qubes/marker-vm' ]; then
         output_type="info"
         reason="Qubes detected.<br/>
   Qubes issue: <a href=https://github.com/QubesOS/qubes-issues/issues/9570>https://github.com/QubesOS/qubes-issues/issues/9570
</a>"
      else
         output_type="warning"
         reason="Not booted in EFI mode."
         EXIT_CODE="1"
      fi

      MSG="<p>$link_gui: <font color=\"orange\">Disabled</font> $help_msg</p>"
      $output_x ${output_opts[@]} --messagex --typex "$output_type" --message "$MSG"

      MSG="$link_gui: ${yellow}Disabled${nocolor}
$help_msg"
      $output_cli ${output_opts[@]} --messagecli --typecli "$output_type" --message "$MSG"
   fi
}